Added datadog agent for BEX ECS

cloudwatch.tf

@@ -4,6 +4,12 @@
  * Licensed under the Apache License, Version 2.0 (the "License");
  */
 
+resource "aws_cloudwatch_log_group" "ecs" {
+  count = var.hms_instance_type == "ecs" ? 1 : 0
+  name  = local.instance_alias
+  tags  = var.apiary_tags
+}
+
 data "template_file" "s3_widgets" {
   count = length(local.schemas_info)
 

common.tf

@@ -78,3 +78,23 @@ data "aws_route53_zone" "apiary_zone" {
   name   = var.apiary_domain_name
   vpc_id = var.vpc_id
 }
+
+data "aws_secretsmanager_secret" "datadog_key" {
+  count = length(var.datadog_key_secret_name) > 0 ? 1 : 0
+  name  = var.datadog_key_secret_name
+}
+
+data "aws_secretsmanager_secret_version" "datadog_key" {
+  count = length(var.datadog_key_secret_name) > 0 ? 1 : 0
+  secret_id = data.aws_secretsmanager_secret.datadog_key[0].id
+}
+
+data "external" "datadog_key" {
+  count = length(var.datadog_key_secret_name) > 0 ? 1 : 0
+  program = ["echo", "${data.aws_secretsmanager_secret_version.datadog_key[0].secret_string}"]
+}
+
+provider "datadog" {
+  api_key  = chomp(data.external.datadog_key[0].result["api_key"])
+  app_key  = chomp(data.external.datadog_key[0].result["app_key"])
+}

templates.tf

@@ -61,6 +61,13 @@ locals{
     mysql_permissions      = "ALL"
     mysql_master_cred_arn  = var.external_database_host == "" ? aws_secretsmanager_secret.apiary_mysql_master_credentials[0].arn : null
     mysql_user_cred_arn    = data.aws_secretsmanager_secret.db_rw_user.arn
+
+    # Datadog variables
+    datadog_secret_key    = length(var.datadog_key_secret_name) > 0 ? chomp(data.external.datadog_key[0].result["api_key"]) : ""
+    wd_instance_type      = var.hms_instance_type
+    metrics_port          = var.datadog_metrics_port
+    datadog_agent_version = var.datadog_agent_version
+    datadog_agent_enabled = var.datadog_agent_enabled
   })
 
   hms_readonly_template = templatefile("${path.module}/templates/apiary-hms-readonly.json", {
@@ -104,5 +111,12 @@ locals{
     mysql_write_db         = "${var.external_database_host == "" ? join("", aws_rds_cluster.apiary_cluster.*.endpoint) : var.external_database_host}"
     mysql_master_cred_arn  = var.external_database_host == "" ? aws_secretsmanager_secret.apiary_mysql_master_credentials[0].arn : null
     mysql_user_cred_arn    = data.aws_secretsmanager_secret.db_ro_user.arn
+
+    # Datadog variables
+    datadog_agent_enabled = var.datadog_agent_enabled
+    datadog_secret_key    = length(var.datadog_key_secret_name) > 0 ? chomp(data.external.datadog_key[0].result["api_key"]) : ""
+    wd_instance_type      = var.hms_instance_type
+    metrics_port          = var.datadog_metrics_port
+    datadog_agent_version = var.datadog_agent_version
   })
 }

templates/apiary-hms-readonly.json

@@ -39,7 +39,7 @@
     ],
     "command": ["sh", "/allow-grant.sh"]
   },
-%{ endif } 
+%{ endif }
   {
     "name": "apiary-hms-readonly",
     "image": "${hms_docker_image}:${hms_docker_version}",
@@ -73,7 +73,7 @@
         "condition": "SUCCESS"
       }
     ],
-%{ endif } 
+%{ endif }
     "environment":[
       {
         "name": "MYSQL_DB_HOST",
@@ -179,4 +179,36 @@
 %{ endfor }
    ]
   }
-]
+%{ if datadog_agent_enabled }
+  ,{
+    "name": "datadog-agent",
+    "image": "public.ecr.aws/datadog/agent:${datadog_agent_version}",
+    "essential": true,
+    "logConfiguration": {
+      "logDriver": "awslogs",
+      "options": {
+        "awslogs-group": "${loggroup}",
+        "awslogs-region": "${region}",
+        "awslogs-stream-prefix": "/"
+      }
+    },
+    "environment": [
+      {
+        "name": "DD_API_KEY",
+        "value": "${datadog_secret_key}"
+      },
+      {
+        "name": "ECS_FARGATE",
+        "value": "true"
+      }
+    ],
+    "healthCheck": {
+      "command": ["CMD-SHELL", "curl -f http://localhost:18000/actuator/health || exit 1"],
+      "interval": 5,
+      "retries": 3,
+      "startPeriod": 60,
+      "timeout": 5
+    }
+  }
+%{ endif }
+]

templates/apiary-hms-readwrite.json

@@ -231,4 +231,36 @@
 %{ endfor }
     ]
   }
-]
+%{ if datadog_agent_enabled }
+  ,{
+   "name": "datadog-agent",
+   "image": "public.ecr.aws/datadog/agent:${datadog_agent_version}",
+   "essential": true,
+   "logConfiguration": {
+     "logDriver": "awslogs",
+     "options": {
+       "awslogs-group": "${loggroup}",
+       "awslogs-region": "${region}",
+       "awslogs-stream-prefix": "/"
+     }
+   },
+   "environment": [
+     {
+       "name": "DD_API_KEY",
+       "value": "${datadog_secret_key}"
+     },
+     {
+       "name": "ECS_FARGATE",
+       "value": "true"
+     }
+   ],
+   "healthCheck": {
+     "command": ["CMD-SHELL", "curl -f http://localhost:18000/actuator/health || exit 1"],
+     "interval": 5,
+     "retries": 3,
+     "startPeriod": 60,
+     "timeout": 5
+   }
+ }
+%{ endif }
+]

variables.tf

@@ -715,3 +715,21 @@ variable "hms_ro_request_partition_limit" {
   type        = string
   default     = ""
 }
+
+variable "datadog_key_secret_name" {
+  description = "Name of the secret containing the DataDog API key. This needs to be created manually in AWS secrets manager. This is only applicable to ECS deployments."
+  type        = string
+  default     = null
+}
+
+variable "datadog_agent_version" {
+  description = "Version of the Datadog Agent running in the ECS cluster. This is only applicable to ECS deployments."
+  type        = string
+  default     = "7.50.3-jmx"
+}
+
+variable "datadog_agent_enabled" {
+  description = "Whether to include the datadog-agent container. This is only applicable to ECS deployments."
+  type        = bool
+  default     = false
+}